Tuesday 5 April 2011

SET Java Applet Attack

I am going to be looking at the Java applet attack using SET, the Social-Engineer Toolkit.
SET uses smart ways of exploiting the user rather than the system. This means that it's easier to get the victim to give you access than to break into the system itself.

This attack uses the Java applet attack method to first clone a web site and add a fake Java applet carrying a payload; Ettercap then uses DNS poisoning to force the user to visit this cloned site.
Finally, the payload is a Metasploit reverse connection shell, allowing the attacker to use the Metasploit commands to do whatever he wants. There will be a Metasploit video coming soon!

In a shell, change to the SET directory using cd /pentest/exploits/SET
Execute SET using ./set
Update SET, then exit and reload SET using ./set
and update the Metasploit modules.

The next step is to change the settings using nano config/set_config
apt-get the 2 Java packages (you don't need both, but I would always rather overdo it!)
Edit the config and save with ctrl + x

Reload SET and then you're ready to set up a cloned website.

Once the victim has accepted the fake Java applet, you own him :D
SET is a fantastic tool; have a look round and play with it.



Cheers
2neon
